CDK Global cyberattack still crippling car dealers

CBS News
1 Jul 2024 04:57

Summary

TLDR: Following a major cyberattack on CDK Global, a software provider for car dealerships, many businesses are still struggling to operate fully, reverting to manual processes. The ransomware attack on June 19th has led to an estimated financial loss of at least $944 million due to business interruptions. Experts suggest that recovering from such intrusions can take weeks to months, emphasizing the need for businesses to focus on multifactor authentication, system patching, and proactive defense measures to harden against future attacks.

Takeaways

  • 🚨 A major cyberattack on CDK Global, a company providing software for car dealerships, has caused significant operational disruptions.
  • ⏱️ Recovery from the ransomware attack is expected to take weeks to months, which is common for enterprise-wide intrusions.
  • 🔒 The process involves ensuring the threat actor no longer has access, investigating the breach, and recovering systems.
  • 💡 Hardening the environment to prevent re-hack is as important as recovery, emphasizing the need for robust security measures.
  • 💸 The estimated financial loss from the outage could be at least $944 million due to business interruptions over the first three weeks.
  • 📈 Extortion operations targeting organizations in the United States are frequent, with ransomware a common method to demand payments.
  • 🏥 There has been an increase in targeted attacks against healthcare organizations, indicating a shift in threat actor focus.
  • 🛡️ Multifactor authentication is crucial for defending networks against unauthorized access.
  • 🔄 Regular patching of systems and software is critical to maintaining security and preventing intrusions.
  • 🕵️‍♂️ Engaging ethical hackers to test network defenses before threat actors can exploit vulnerabilities is recommended.
  • 🎯 Businesses should assume a level of intrusion and build defensive controls to minimize the impact of an attack on operations.

Q & A

  • What major event occurred nearly two weeks prior to the script's recording?

    -A major cyberattack on a company that provides software for car dealerships took place.

  • Which company was affected by the cyberattack?

    -CDK Global was the company affected by the ransomware attack.

  • What systems does CDK Global provide for car dealerships?

    -CDK Global provides systems to help run operations, manage inventory, and handle customer relations.

  • Why have some car dealerships had to revert to using paper and pen?

    -Due to the cyberattack on CDK Global, many car dealerships are not fully functioning and had to revert to manual processes.

  • What was the expected date for the systems to be back to normal operations?

    -The systems were expected to be back by July 4th.

  • What is the estimated financial loss from the outage over the first three weeks?

    -The estimated financial loss from the outage is at least $944 million due to business interruptions.

  • Why does it take several weeks to recover from an enterprise-wide intrusion?

    -It takes time to ensure the threat actor no longer has access, perform investigative work, recover systems, and harden the environment to prevent re-intrusion.

  • What is the common pattern in extortion operations against organizations in the United States?

    -Extortion operations often involve the deployment of ransomware and the demand for extortion payments from threat actors.

  • Which sectors have been targeted by threat actors in recent attacks?

    -Sectors such as healthcare, supply chain organizations, and banking have been targeted.

  • What is the role of Charles Carmichael in the context of this discussion?

    -Charles Carmichael is a consultant from the organization of Google Cloud, discussing the cyberattack and recovery process.

  • What are some fundamental measures businesses can take to harden their targets against cyber threats?

    -Businesses should focus on multifactor authentication, engaging ethical hackers to test defenses, patching systems and software, and building defensive controls and visibility across the environment.

  • Are there certain types of businesses that are more likely to be targeted by threat actors?

    -Threat actors are opportunistic and target any organization capable of paying multimillion-dollar demands, but there has been a noticeable increase in targeted attacks against healthcare organizations.

Outlines

00:00

🛑 Impact of Cyberattack on Car Dealerships

A major cyberattack on CDK Global, a software provider for car dealerships, has left many businesses partially non-functional for nearly two weeks. Dealerships rely on CDK Global for operational systems, inventory, and customer relations. Following the ransomware attack on June 19th, some dealerships have had to revert to manual processes with paper and pen. Systems are expected to be back online by July 4th, and financial losses from the outage are estimated to be at least $944 million due to business interruptions over the first three weeks. Charles Carmichael, from Google Cloud, discusses the commonality of such extended recovery times for enterprise-wide intrusions, the investigative work required to ensure the threat actor no longer has access, and the process of hardening the environment to prevent re-hacking.

Keywords

💡Cyberattack

A cyberattack refers to any attempt to gain unauthorized access to a computer, server, or network to cause damage, steal sensitive data, or disrupt normal operations. In the video's context, a major cyberattack on a company providing software for car dealerships has caused significant operational disruptions, illustrating the severity and impact of such incidents on businesses.

💡CDK Global

CDK Global is a company that provides software solutions for car dealerships, aiding in the management of operations, inventory, and customer relations. The script highlights that a ransomware attack on CDK Global has affected many dealerships, emphasizing the reliance of businesses on such software providers for critical functions.

💡Ransomware

Ransomware is a type of malicious software that encrypts a victim's data and demands payment to restore access. The script mentions a 'ransomware attack,' indicating the specific nature of the cyberattack that has impacted CDK Global and, by extension, the car dealerships that rely on their services.

💡Business Interruption

Business interruption refers to the halt or disruption of normal business activities, often due to unforeseen events. The script discusses the financial losses estimated at $944 million due to business interruptions caused by the cyberattack, highlighting the economic impact of such events.

💡Recovery Time

Recovery time in the context of a cyberattack is the period required to restore systems and operations to normal after an incident. The script notes that it is common for organizations to take several weeks to a few months to recover from enterprise-wide intrusions, indicating the complexity and time-consuming nature of post-attack recovery.

💡Threat Actor

A threat actor is an individual or group that poses a threat to an organization's security, often by attempting unauthorized access or carrying out cyberattacks. The script mentions ensuring that the 'threat actor no longer has access to the environment,' which is a critical step in the recovery process after a cyberattack.

💡Hardening

Hardening, in cybersecurity, refers to the process of securing a system or network by reducing its vulnerability to attacks. The script suggests that organizations need to 'harden' their environments to prevent re-hacking, which involves implementing stronger security measures.

💡Extortion

Extortion is the act of obtaining money or other benefits by threat or force. In the context of the script, extortion operations are conducted against organizations, often through ransomware attacks, where threat actors demand payment in exchange for not disrupting business operations or releasing sensitive data.

💡Multifactor Authentication

Multifactor authentication is a security system that requires more than one method of verification to access a resource. The script points out the importance of multifactor authentication for defending networks against unauthorized access, suggesting it as a fundamental security measure.

💡Patch

In the context of cybersecurity, a patch is a piece of software designed to fix problems or vulnerabilities in a system. The script emphasizes the critical importance of patching systems and software to prevent exploitation by threat actors.

💡Healthcare Organizations

Healthcare organizations are mentioned in the script as targets of more targeted attacks in recent months. This highlights the sector as particularly vulnerable to cyberattacks, possibly due to the sensitive nature of the data they hold and the critical need for uninterrupted services.

Highlights

A major cyberattack on a company that provides software for car dealerships has left many not fully functioning nearly two weeks after the incident.

The affected company, CDK Global, provides systems for operations, inventory, and customer relations to car dealerships.

Since the ransomware attack on June 19th, some car dealers have had to revert to using paper and pen due to system outages.

CDK Global expects to be back to full functionality by July 4th.

The estimated financial losses from the outage could be at least $944 million due to business interruptions over the first three weeks.

Charles Carmichael from Google Cloud Consulting discusses the challenges of recovering from enterprise-wide intrusions.

Recovery from such cyberattacks can take several weeks to a few months.

Ensuring that the threat actor no longer has access to the environment is a crucial part of the recovery process.

Investigative work is needed to understand how the intrusion occurred and to ensure the threat actor does not retain access.

Systems and environments must be recovered to continue business operations, which can take weeks.

Hardening the environment to prevent re-hacking is a critical final step in the recovery process.

Extortion operations are common against US organizations, with many involving ransomware and extortion demands.

Attacks have targeted healthcare, supply chain, banking, and other sectors, with threat actors seeking multimillion-dollar demands.

The increasing sophistication of threat actors is a continuous challenge, but defensive measures are also improving.

Law enforcement actions may help decrease the number of intrusions over time.

Businesses should focus on fundamentals like multifactor authentication, engaging ethical hackers, patching systems, and building defensive controls.

Any organization can be a target for extortion, but healthcare has seen more targeted attacks recently.

Transcripts

00:06 >>> NEARLY TWO WEEKS AFTER A MAJOR CYBERATTACK ON A COMPANY THAT PROVIDES SOFTWARE FOR CAR DEALERSHIPS, MANY ARE NOT FULLY FUNCTIONING. THE COMPANIES RELY ON CDK GLOBAL FOR SYSTEMS TO HELP RUN THEIR OPERATIONS AND FOR INVENTORY AND CUSTOMER RELATIONS. BUT, SINCE THE RANSOMWARE ATTACK ON JUNE 19th, SOME CAR DEALERS HAD TO REVERT BACK TO THE OLD-FASHIONED WAY, WITH PAPER AND PEN. THEY EXPECT THEM TO BE BACK BY JULY 4th. THEY ESTIMATE THAT FINANCIAL LOSSES FROM THE OUTAGE COULD BE AT LEAST $944 MILLION AS A RESULT OF BUSINESS INTERRUPTIONS OVER THE FIRST THREE WEEKS.

00:57 CHARLES CARMICHAEL JOINS ME NOW, CONSULTING THE ORGANIZATION OF GOOGLE CLOUD. THANK YOU FOR JOINING US. SO, THE OUTAGE, THE CDK CYBEROUTAGE IS STRETCHING INTO THE THIRD WEEK. WHY IS IT TAKING SO LONG TO GET THINGS BACK UP AND RUNNING?

01:11 >> IT IS INCREDIBLY COMMON FOR ORGANIZATIONS THAT DEAL WITH ENTERPRISE WIDE INTRUSIONS FOR SEVERAL WEEKS, PERHAPS A MONTH OR A FEW MONTHS TO REALLY RECOVER THEIR BUSINESS OPERATIONS. WHAT THEY ARE DEALING WITH RIGHT NOW IS NOT AT ALL UNCOMMON.

01:34 >> WHAT TAKES SO LONG? CLOSING THE DOOR?

01:35 >> Reporter: IT IS A COMBINATION OF A FEW THINGS. YOU HAVE TO ENSURE THAT THE THREAT ACTOR NO LONGER HAS ACCESS TO THE ENVIRONMENT. TREMENDOUS AMOUNT OF INVESTIGATIVE WORK TO BE PERFORMED TO FIGURE OUT HOW THEY GOT INTO THE ENVIRONMENT AND DO THEY STILL HAVE ACCESS. THE SECOND THING, ORGANIZATIONS NEED TO DO, THEY NEED TO START TO RECOVER THEIR SYSTEMS AND THEIR ENVIRONMENT SO THEY CAN CONTINUE TO RUN BUSINESS OPERATIONS. THAT USUALLY TAKES A FEW WEEKS TO DO THAT. AND FINALLY, THEY NEED TO MAKE SURE THE ENVIRONMENT IS HARDENED ENOUGH SO THEY CANNOT GET EASILY REHACKED BY THE THREAT ACTOR OR OTHERS THAT MIGHT BE INTERESTED IN DISRUPTING BUSINESS OPERATIONS AND ASKING FOR AN EXTORTION PAYMENT.

02:16 >> ARE THERE ANY PATTERNS YOU ARE SEEING IN CASES LIKE THIS THAT IT FITS INTO OR IS A NEW ANIMAL?

02:25 >> Reporter: WE SEE EXTORTION OPERATIONS CONDUCTED AGAINST ORGANIZATIONS OF THE UNITED STATES ALL OF THE TIME. MEDIA RESPONDS TO THOUSANDS. MANY OF THEM RELATE TO DEPLOYMENT OF RANSOMWARE AND ASK OF AN EXTORTION DEMAND FROM THREAT ACTORS AGAINST VICTIM ORGANIZATIONS. WE HAVE SEEN ATTACKS TOWARDS HEALTH CARE, NUMBER OF SUPPLY CHAIN ORGANIZATIONS, BANKING, ET CETERA. THREAT ACTORS ARE LOOKING FOR WAYS TO GET PAID MULTIMILLION DEMANDS BY CONDUCTING THESE TYPES OF INTRUSION OPERATIONS.

02:54 >> AND, IS IT BECAUSE THE HACKERS ARE GETTING BETTER AT HACKING OR SYSTEMS GETTING WEAKER? OR ARE WE NOT GOOD -- ONE CASE SOMEONE DID NOT HAVE TWO FACTOR AUTHENTICATION THAT IS LAZINESS.

03:11 >> Reporter: A LOT OF OPPORTUNITIES FOR THREAT ACTORS TO BREAK IN. IT IS DIFFICULT FOR ORGANIZATIONS TO CONTINUOUSLY DEFEND AGAINST THREAT ACTORS. A PROBLEM WE WILL CONTINUE TO SEE AND THREAT ACTORS ARE ABSOLUTELY GETTING BETTER BUT THE GOOD NEWS IS WE ARE ALSO GETTING BETTER FROM DEFENSIVE PERSPECTIVE. I HOPE THAT OVER TIME AS WE SEE MORE ACTIONS BY LAW ENFORCEMENT THAT THE AMOUNT OF INTRUSIONS WILL START TO DECREASE A BIT OVER TIME.

03:36 >> WHAT CAN BUSINESSES DO TO HARDEN THEIR TARGETS AS IT WERE?

03:43 >> Reporter: FOCUS ON THE FUNDAMENTALS, MULTIFACTOR IS IMPORTANT FOR DEFENDING NETWORKS. ENGAGE THE GOOD FOLKS TO BREAK INTO THE NETWORK BEFORE THREAT ACTORS HAVE THE ABILITY TO DO THAT. PATCH SYSTEMS, PATCH SOFTWARE. IT IS REALLY CRITICAL AND IMPORTANT. AND, ASSUME THAT ORGANIZATIONS MAY HAVE A LEVEL OF INTRUSION AGAINST THE ORGANIZATION OR AGAINST SYSTEMS AND TRY TO BUILD SOME DEFENSIVE CONTROLS AND VISIBILITY ACROSS THE ENVIRONMENT TO STOP AN ATTACK FROM BEING DISRUPTIVE TO AN ORGANIZATION.

04:14 >> IS THERE AN ORGANIZATION IF I AM IN A CERTAIN BUSINESS SHOULD I BE MORE CONCERNED THAN ANOTHER? IF SO, WHAT KINDS OF BUSINESSES ARE RIPE FOR TARGETS?

04:26 >> SO, FROM AN EXTORTION. ANY ORGANIZATION THAT SEVERAL HUNDREDS OF MILLIONS, ULTIMATELY THESE THREAT ACTORS ARE LOOKING TO CREATE ENOUGH BUSINESS DISRUPTION AND COERCE VICTIMS INTO PAYING USUALLY SEVEN OR EIGHT FIGURE DEMANDS. SO, REALLY THEY ARE OPPORTUNISTIC. HOWEVER, WE HAVE SEEN MUCH MORE TARGETED ATTACKS AGAINST HEALTH CARE ORGANIZATIONS OVER THE PAST SEVERAL MONTHS BECAUSE IT
